Threat protection company Damballa has released its latest State of Infections report for the fourth quarter of 2014 which highlights the limitations of a prevention-focused approach to security.

The report finds that within the first hour of submission, AV products missed nearly 70 percent of malware. Further, when rescanned to identify malware signatures, only 66 percent were identified after 24 hours, and after seven days the total was 72 percent. It took more than six months for AV products to create signatures for 100 percent of new malicious files.

This has an impact on containment and raises the risk that at any time there may be live infections on a network. The report also highlights the importance of automating manual processes and decreasing the noise from false positives to make the most of skilled security manpower, rather than trawling through uncorroborated alerts to find the true infections

In order to reduce manual efforts, Damballa advises that security teams must have automatic detection of actual infections able to reach a statistical threshold of confidence in a true positive infection. They also need integration between detection and response systems, and policies that enable automated response based on a degree of confidence.

Damballa State of Infections Report Q4 2014
https://www.damballa.com/state-infections-report-q4-2014/

With only 4% of the almost 17,000 weekly malware alerts getting investigated, the traditional approach to preventing malware attacks needs a makeover.

With limited financial and human resources to apply to security, no company can afford to dedicate the majority of its budget to failing security controls. While prevention-based defenses will continue to be important, companies need to put greater emphasis on detection and response.

Symantec also will retire some of its stand-alone Norton legacy products, such as Norton Internet Security, Norton AntiVirus and Norton360.

The days of buying a compact disc and loading security software—or any software, for that matter—onto a PC or server are rapidly dwindling.

Data security provider Symantec Aug. 19 became the latest vendor to announce that its main software product—Norton—is moving into a cloud-based subscription model. – See more at: http://www.eweek.com/security/symantec-moving-all-norton-security-into-one-cloud-service.html?google_editors_picks=true#sthash.I4cgBdtG.dpuf

Symantec recently made a loud statement that antivirus is dead and that they don’t really consider it to be a source of profit. Some companies said the same afterwards; some other suggested that Symantec just wants a bit of free media attention. The press is full of data on antivirus efficiency being quite low. A notable example would be the Zeus banking Trojan, and how only 40% of its versions can be stopped by antivirus software. The arms race between malware authors and security companies is unlikely to stop.

Infosec house Panda Security is looking to Big Data and application monitoring as a means to achieve better malware detection.

The launch of Panda Advanced Protection Service (PAPS) is a response to the widely known shortcomings of signature-based anti-virus detection as well as a means for Panda to sell extra services. The technology will be marketed to larger firms as well as offered through cloud tech partners, such as Spanish managed security services firm Indra.

The sheer volume of malware production has long outpaced legacy blacklisting techniques based on recognising known bad apps by their signatures. In response security vendors have developed technologies such as heuristics (generic detection of similar malware), whitelisting and cloud-based technologies.

Most modern security scanners incorporate all these technologies despite marketing claims by rival vendors to the contrary.

Panda – like most of its peers – argues that anti-virus technology still has its place as something that’s necessary, albeit insufficient.

“Anti-virus is a cost-effective means to detect and stop known attacks,” said Luis Corrons, technical director of PandaLabs.

Security company Symantec announced earlier in the week studying the virus to be in vain, and that the focus should be on minimizing the damage caused by the attacks. Symantec Brian Dye justified its position that the virus scanner detects now only about 45 per cent of the attacks .

The competitor Bitdefender does not claim to swallow . “It’s almost like saying that aspirin is dead, because it can not cure cancer, AIDS , or indeed all diseases of mankind ,”

“Asperin does the trick still a slight hangover or the flu, and people still like the product to the medicine cabinet . ”

Virus Radar should rather seen as part of a broader security solution as the only weapon.

Source: http://www.tietoviikko.fi/kaikki_uutiset/tietoturvayhtio+virustutkat+eivat+ole+turhia++quotaspiriinikin+tepsii+krapulaanquot/a986850

“The overall detection by anti-virus software in January was disappointing — only 70.62 percent. For February it is even worse — only 64.77 percent was detected. And in March the average detection was 73.56 percent. That might not sound too bad but it means that 29 percent, 35 percent and 26 percent was not detected,” the company’s report read.

“Protecting your data from Internet-based threats is not an easy task – and relying on protection from anti-virus companies, no matter how established their brand, is simply not enough. Comprehensive protection requires an entirely new approach.”

“To be clear, single-iteration malware will continue to persist, and a minor need for AV will remain to provide a layer of reactive protection against these unsophisticated, benign threats. But with high-profile breaches occurring frequently, being driven by fast-moving, advanced threats, it is clear that next generation technologies and approaches are needed,” FireEye’s Zheng Bu and Rob Rachwald said in a blog post.

“Today’s AV model makes everyone a sacrificial lamb.”

Symantec Corp. SYMC -1.33% invented commercial antivirus software to protect computers from hackers a quarter-century ago. Now the company says such tactics are doomed to failure.

Antivirus “is dead,” says Brian Dye, Symantec’s senior vice president for information security. “We don’t think of antivirus as a moneymaker in any way.”

Antivirus products aim to prevent hackers from getting into a computer. But hackers often get in anyway these days. So Mr. Dye is leading a reinvention effort at Symantec that reflects a broader shift in the $70 billion a year cybersecurity industry.

Rather than fighting to keep the bad guys out, new technologies from an array of companies assume hackers get in so aim to spot them and minimize the damage.

Symantec seeks to join the fray this week. It is creating its own response team to help hacked businesses.

Symantec pioneered computer security with its antivirus software in the late 1980s.

But hackers increasingly use novel bugs. Mr. Dye estimates antivirus now catches just 45% of cyberattacks.

Symantec, a company that has made huge amounts of cash as the largest antivirus software vendor for the last quarter of a century, looks to be getting out of that business and into fixing hacking problems rather than stopping them.

“We don’t think of antivirus as a moneymaker in any way,” Brian Dye, Symantec’s senior vice president for information security, told The Wall Street Journal, adding that antivirus was “dead.”

Dye did take the time to say that the security suite for individual devices is still worth buying, as it blocks spam, manages passwords, and spots dodgy links in third-party websites.

But given that endpoint software accounts for around 40 per cent of Symantec’s revenues, it’s still a worrying admission.

But, think about this, what if you composed a catchier
title? I mean, I don’t want to tell you how to run your
website, but what if you added a title to possibly grab a person’s
attention? I mean The traditional antivirus era is over?